An upcoming data treaty between the US and the UK has generated several headlines over the past few days. Following a report by Bloomberg, there have been concerns the treaty will force social media companies like Facebook and WhatsApp to share encrypted messages with law enforcement officials in the UK.
In recent years, government and law enforcement officials have increasingly argued that end to end encryption allows criminals such as terrorists and sexual abusers to cover their tracks. In May, the UK intelligence agency, GCHQ, published a proposal outlining a solution that would allow police to access private messages without breaking encryption. The agency suggested for a “ghost user” from the police to be added anonymously as a third party to a group chat or call. Apple, Google, Microsoft and WhatsApp pushed back against the proposal decrying it to be a serious threat to trust and security.
In addition, following a meeting of the Five Eyes nations in July, Priti Patel, the UK’s Home Secretary called for greater pressure on social media firms to find ways to give intelligence agencies access to messages on their platforms.
What is end to end encryption?
End to end encryption which is at the heart of current security concerns of the data treaty is used by companies such as WhatsApp. It helps to make sure only you and the person you’re communicating with can read the messages you send. No third party (not even WhatsApp) can access the messages once it is encrypted.
What information will the police have access to under the treaty?
According to former Facebook chief security officer Alex Stamos, “The treaty does not grant UK enforcement officials access to any information a US court can’t get already.” The agreement between both countries is for the UK to get faster access to information US officials already have access to. Metadata such as who messages who, when, and how often are the information that will be shared. The purpose of which is to support investigations into individuals accused of serious crimes such as terrorism and paedophilia. Whilst privacy fears are not without cause, the treaty will not involve breaking end to end encryption or creating a back door.
The treaty is scheduled to be finalised in October.
Jamal Ahmed, lead Privacy and GDPR compliance consultant at Kazient Privacy Experts comments, “Imagine a loved one was harmed and the police were unable to obtain crucial evidence due to the privacy rights of the perpetrator? The delicate and important work law enforcement and national security agencies conduct is of great importance.” He further adds, “It is because of their invaluable efforts we can all go to bed at night feeling relatively safe. It is important to strike a balance between safety and security and an individual’s right to their privacy.”
Facebook and WhatsApp respond
In a statement released by Facebook, the firm responded, “We oppose government attempts to build backdoors because they would undermine the privacy and security of our users everywhere. Government policies like the Cloud Act allow companies to provide available information when we receive valid legal requests and do not require companies to build back doors.”
Will Cathcart, head of WhatsApp has also disputed the claim of sharing encrypted information. In a statement on Hacker News he says, “We were surprised to read this story and are not aware of discussions that would force us to change our product.”
In response to the possibility of a backdoor, he added: “We are completely opposed to this. Backdoors are a horrible idea and any government who suggests them is proposing weakening the security and privacy of everyone.”
The battle between law enforcement agencies and tech firms will certainly continue in a world riddled with security challenges.
Kazient Privacy Experts offer bespoke Data Protection, Privacy and GDPR compliance solutions in a language you understand to UK and international organisations, and has received positive media coverage across Europe. Kazient’s GDPR consultants are fully certified to be your outsourced Data Protection Officer or EU Representative. Get in touch to find out how we can help your business by visiting our website www.kazient.co.uk or calling us on 0330 022 9009.